Stamford, Conn. — Chief financial officers (CFOs) of life insurance companies continue to recognize enterprise risk management (ERM) as a critical management issue, as demonstrated both through the prominence they give ERM within the organization and the resources they devote to building ERM capabilities, according to a recent survey on “Embedding Enterprise Risk Management,” the latest in a series of Towers Perrin surveys aimed at life insurance CFOs. Towers Perrin is a Stamford, Conn.-based global professional services firm.

Thirty-eight CFOs participated in the Web-based survey, which also queried them for their prognosis on 2008 first quarter results. Respondents to the survey, conducted in February and March 2008 by the Tillinghast insurance consulting business, primarily included CFOs from large and midsize North American life insurance companies; nearly half had assets of $5 billion or more, while 13% were multinationals.

The survey revealed several crucial elements of ERM that many insurers have yet to address and fully implement. Although many life companies have made progress in such areas as risk identification, prioritization and measurement, few are achieving the desired full potential of ERM as a management tool. For example, the majority of respondents lack tools to measure value creation from ERM (83%), and have not yet aligned ERM with performance incentives (71%).

Among the areas where companies are lagging the most, according to the survey, are quantifying economic capital (EC) (68% do not currently have this capability in place), identifying and preparing for emerging risks (69%) and having a clear and defined vision of risk tolerances, risk appetite and overall risk profile (71%). It must be noted that, of the firms that currently do not have these capabilities, nearly all indicated they plan to implement them over the next one to three years.

“Most companies still have quite a way to go in aligning performance incentives with ERM development,” says Jack Gibson, managing principal of Towers Perrin’s Tillinghast Americas Life Practice. “In addition, the measurement and management of operational risk is still evolving, and rating agencies have played—and will continue to play—a paramount role in the development and ongoing refinement of companies’ ERM and EC frameworks.”

Approximately three-quarters of responding CFOs indicated that they have one or more tools for specifically monitoring and managing enterprisewide risk, while nearly one-third of respondents indicated that they use them primarily for identifying and quantifying significant risks across the organization. Moreover, 33% said they mainly use these tools for driving management action on risk mitigation and value creation.

Among the companies reporting having made significant headway in building their ERM capabilities in certain areas, 81% said they have adequate or better controls in place for most major risks, and 63% indicated they have in place a coordinated process for risk governance. Further, 58% include risk management in decision making to optimize risk-adjusted returns, and 47% said they are able to identify, measure and manage all risk exposures within tolerances.

“We are just beginning to see many companies getting serious about ERM and moving from just talking about it to implementing robust methods that address myriad risks,” says Prakash Shimpi, a managing principal of Towers Perrin with global responsibility for the company’s ERM practice. “It is abundantly clear that ERM will need to be higher on the CFO’s to-do-list if in fact companies wish to maintain healthy levels of financial performance.”

Rating Agencies Key to ERM Development

Rating agencies play an important role in the development and ongoing refinement of companies’ ERM and EC frameworks, as nearly 70% of respondents said they have established or are improving their ERM and EC frameworks due to rating agency comments. In addition, nearly all (96%) companies have had discussions with Standard & Poor’s or other major rating agencies (88%) on their ERM framework. More than two-thirds of respondents are comfortable with how these discussions went.

For the most part, companies are fairly confident in how the rating agencies view their ERM practices. More than half of respondents believe the rating agencies feel their ERM practices are good to excellent. Another third believe their practices are viewed as “generally acceptable.” Only 12% believe the rating agencies would like them to improve their ERM practices in some areas. However, rating agencies are continually reevaluating their criteria for what is expected in the future.

Operational Risk Management Still Evolving

Although operational risk management is still fairly under-analyzed at most companies, it is encouraging to note that most respondents recognize that this is not just about operations risk management. That being said, the survey responses demonstrate that a good number of insurers are not thinking about risk consistently.

For instance, 66% of CFOs surveyed believe that the definition of risk used in their companies’ operational risk management framework is consistent with the definition of risk used for managing market, credit and insurance risk. However, 58% of this group associate high risk with high probability and high impact, and 29% of respondents associated high risk with high-frequency and high-impact events.

“The survey responses indicate that the definition of risk used in operational risk management is generally not consistent with the definition used in other areas of risk management, where high risk is characterized by low probability (or low frequency) and high impact,” says Ali Samad-Khan, head of operational risk management consulting for Towers Perrin’s ERM practice.

“Clearly, it is very difficult to implement an operational risk management program that is based on an inappropriate conception of risk. Firms that intend to implement high-quality operational risk management programs should ensure that their framework is built on a solid foundation,” adds Samad-Khan. “Specifically, they should ensure that the definition of risk and the methods used to assess and measure risk are in line with the evolving standard for industry best practices.”

Source: Business Wire

Exclusive content available only on

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access